CVE-2022-49526
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
26/02/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
md/bitmap: don&#39;t set sb values if can&#39;t pass sanity check<br />
<br />
If bitmap area contains invalid data, kernel will crash then mdadm<br />
triggers "Segmentation fault".<br />
This is cluster-md speical bug. In non-clustered env, mdadm will<br />
handle broken metadata case. In clustered array, only kernel space<br />
handles bitmap slot info. But even this bug only happened in clustered<br />
env, current sanity check is wrong, the code should be changed.<br />
<br />
How to trigger: (faulty injection)<br />
<br />
dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sda<br />
dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sdb<br />
mdadm -C /dev/md0 -b clustered -e 1.2 -n 2 -l mirror /dev/sda /dev/sdb<br />
mdadm -Ss<br />
echo aaa > magic.txt<br />
== below modifying slot 2 bitmap data ==<br />
dd if=magic.txt of=/dev/sda seek=16384 bs=1 count=3
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0959aa00f9765bd8c654b1365012e41b51c733cc
- https://git.kernel.org/stable/c/27f672af28a8e9b783ff7f0eaf7ef2fbd5a2f4ba
- https://git.kernel.org/stable/c/422e8f7ba1e08c8e0e88d375bcb550bc2bbfe96d
- https://git.kernel.org/stable/c/cf9392282a2cf5a8d83dd1c5aa1a097e12f172bc
- https://git.kernel.org/stable/c/d8f1558e1daf54f53a90b4c5700ae3e3a4b13412
- https://git.kernel.org/stable/c/e68cb83a57a458b01c9739e2ad9cb70b04d1e6d2
- https://git.kernel.org/stable/c/e69e93120f6219b9cc4fba3b515b6ababd8548aa